CVE-2016-4450 Nginx Vulnerabilities


Severity

Medium

Vendor

nginx, Cloud Foundry

Versions Affected
  • nginx before 1.10.1 and 1.11.x versions before 1.11.1
  • Cloud Foundry staticfile buildpack prior to version 1.3.9
  • Cloud Foundry cf-release prior to version 238

Description

os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.

Affected Pivotal Products and Versions

Severity is medium unless otherwise noted.

  • Pivotal OpsManager 1.6.x versions prior to 1.6.15 AND 1.7.x versions prior to 1.7.6
  • Pivotal Elastic Runtime 1.6.x versions prior to 1.6.33 AND 1.7.x versions prior to 1.7.11

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • Upgrade to Cloud Foundry version 238 or later
  • Upgrade the Cloud Foundry staticfile buildpack to version 1.3.9 or later and restage all applications that use automated buildpack detection

Pivotal users are strongly encouraged to follow the mitigations below:

  • Upgrade Pivotal OpsManager 1.6.x versions to 1.6.15 or later OR 1.7.x versions to 1.7.6 or later
  • Upgrade Pivotal Elastic Runtime 1.6.x versions to 1.6.33 or later OR 1.7.x versions to 1.7.11 or later
  • Upgrade the Cloud Foundry staticfile buildpack to version 1.3.9 or later and restage all applications that use automated buildpack detection. For more information, refer to the CF CLI documentation.
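To confirm that the upgrades above actually landed, the following added example (not part of this advisory) compares an `nginx -v` output line and Cloud Foundry component versions against the ranges listed under "Versions Affected"; the sample output string is constructed, and the function names are this example's own.

```python
"""Check reported versions against the affected ranges of CVE-2016-4450.

Added example, not from the advisory. Ranges are taken from the
"Versions Affected" section: nginx before 1.10.1 and 1.11.x before 1.11.1,
staticfile buildpack before 1.3.9, cf-release before 238.
"""
import re

# `nginx -v` writes to stderr a line such as: "nginx version: nginx/1.10.0"
NGINX_VERSION_RE = re.compile(r"nginx/(\d+)\.(\d+)\.(\d+)")


def parse_nginx_version(output):
    """Return (major, minor, patch) from `nginx -v` output, or None if absent."""
    m = NGINX_VERSION_RE.search(output)
    return tuple(int(x) for x in m.groups()) if m else None


def nginx_affected(version):
    """True if this nginx version is in an affected range.

    The fix shipped in 1.10.1 (stable) and 1.11.1 (mainline), so the
    1.11.x branch needs its own boundary; everything else is compared to 1.10.1.
    """
    if version[:2] == (1, 11):
        return version < (1, 11, 1)
    return version < (1, 10, 1)


def staticfile_buildpack_affected(version):
    """True for Cloud Foundry staticfile buildpack versions before 1.3.9."""
    return tuple(int(x) for x in version.split(".")) < (1, 3, 9)


def cf_release_affected(release):
    """True for cf-release versions before 238 (accepts 'v237' or 237)."""
    return int(str(release).lstrip("v")) < 238


def report(nginx_output, buildpack_version, cf_release):
    """Summarise which components still need the upgrades from the advisory."""
    ver = parse_nginx_version(nginx_output)
    findings = {
        "nginx": ver is None or nginx_affected(ver),
        "staticfile-buildpack": staticfile_buildpack_affected(buildpack_version),
        "cf-release": cf_release_affected(cf_release),
    }
    return [name for name, affected in findings.items() if affected]


if __name__ == "__main__":
    # Constructed sample: a pre-fix stable nginx with an already-upgraded platform
    SAMPLE_NGINX_OUTPUT = "nginx version: nginx/1.10.0\n"
    print(report(SAMPLE_NGINX_OUTPUT, "1.3.9", "v238"))  # ['nginx']
```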
